W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > July to September 1996

Re: Draft WG charter

From: Alan Freier <freier@netscape.com>
Date: Wed, 18 Sep 1996 10:22:42 -0700
Message-ID: <32402FE1.6FBE@netscape.com>
To: Jim Whitehead <ejw@ics.uci.edu>
CC: w3c-dist-auth@w3.org
> We have been operating under the assumption that MD5 authentication would
> be sufficient for our needs -- if something better than MD5 comes along, we
> would hope we could use it.  Again, the draft should state this.

As long as you're restating the assumptions, I'll add my bit.

MD5 is not likely to survive much longer and therefore should be
considered inappropriate. Claims of being close to breaking it are
beginning to circulate, including predictions of that event happening
yet this year.

As for a suitable replacement, SHA (aka, SHA-1) seems to be the likely
candidate. There is also a hash out of Europe that seems to have the
right attributes (but alas, I can't remember the name).

Alan O. Freier		Corporate Cynic
<freier@netscape.com>	(415) 937-3638 (work)
Received on Wednesday, 18 September 1996 13:23:05 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 15:01:13 UTC